Some background: The Identity Server is powerful fully customizable authentication and authorization solution. I'm using it for last two years in my projects. It is cool system and most times works out of the box however, in some scenarios an cause a lot of troubles.

The official example can be found here Adding Apis. It's a good working example if you settings up Identity Server from scratch. However, in my case, I have to migrate existing endpoints from another application to existing Identity Server, which gives me no option to run the seeding data procedure(?).

To enable token validation for local API we just need to add the following to Startup.cs:

services.AddLocalApiAuthentication();

That was the easy part, now let's what is the tricky part: LocalApi schema is using IdentityServerApi scope. It is not added by default and need to be added manually in my case.

1. Create the API Resource for your local API

INSERT  [dbo].[ApiResources] ([Enabled], [Name], [DisplayName], [Created], [NonEditable])
VALUES (1, 'apiAuth', 'Auth API', GETDATE(), 0)

2. Create new API scope

INSERT [dbo].[ApiScopes] ([Name], [DisplayName], [Description], [Required], [Emphasize], [ShowInDiscoveryDocument], [ApiResourceId])
VALUES ('IdentityServerApi', 'Auth API', null, 0, 0, 1, <here comes the is from #1>)

3. Add IdentityServerApi to client scopes:

INSERT [dbo].[ClientScopes] ([Scope], [ClientId])
VALUES ('IdentityServerApi', <clientId assuming you have one>)

To the full gist